.. SPDX-License-Identifier: GPL-2.0 or GPL-3.0
.. Copyright © 2019 Ariadne Devos

How reliable must s² be?
========================

Absent bugs
-----------

It is paramount that s² cannot be taken over by any soft means.
This is mostly accomplished by eliminating all run-time errors.
The prime classes are: out-of-bounds accesses (OOB) and overflow
(OF). (TODO: state the obvious reasons: overwriting executable
code, messing things up in general)
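As an added illustration (not s² code) of the two classes named above, the following C fragment places unchecked size arithmetic beside a checked version and a bounds-checked write; `__builtin_mul_overflow` is a GCC/Clang builtin and is assumed available.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Naive size arithmetic: count * elem wraps silently on overflow (OF), so
 * an untrusted count can yield a tiny size for a large payload. */
static size_t naive_total_size(size_t count, size_t elem)
{
    return count * elem;
}

/* Checked arithmetic: reports overflow instead of wrapping.
 * __builtin_mul_overflow is a GCC/Clang builtin (assumed available). */
static bool checked_total_size(size_t count, size_t elem, size_t *out)
{
    return !__builtin_mul_overflow(count, elem, out);
}

/* Bounds-checked copy into a fixed-capacity buffer: a write that would not
 * fit is refused, so an out-of-bounds (OOB) access cannot occur whatever
 * len the caller supplies. Returns bytes written, 0 on refusal. */
static size_t bounded_copy(uint8_t *dst, size_t dst_cap,
                           const uint8_t *src, size_t len)
{
    if (len > dst_cap)
        return 0;
    memcpy(dst, src, len);
    return len;
}

/* Constructed case: count = 2^(bits-1) elements of 4 bytes each. The naive
 * product wraps to 0; the checked one flags it. */
static bool overflow_is_caught(void)
{
    size_t count = SIZE_MAX / 2 + 1, total;
    return naive_total_size(count, 4) == 0
        && !checked_total_size(count, 4, &total);
}

int main(void)
{
    uint8_t buf[8], payload[16] = {0};
    size_t n = bounded_copy(buf, sizeof buf, payload, sizeof payload);
    printf("overflow caught: %s, oversize copy refused: %s\n",
           overflow_is_caught() ? "yes" : "no", n == 0 ? "yes" : "no");
    return 0;
}
```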

Invulnerability to hard means is desirable, but less plausible.
(TODO: gnunet.org has a paper on measuring pressure within a
sealed box containing a router; in case of a drop, memory is
wiped.)

The second class consists of logic bugs, ranging from incorrect permission
checks (TODO: more about ~worthiness, really) to sending information that
should not be sent, and cryptographic vulnerabilities.

(XXX: cross-reference to Specification hints)

Present limitations
-------------------

Warning: how leaky s² is depends on the processor and memory functioning
correctly. s² cannot halt water, power spikes and drains, lightning, fires,
EMPs, radiation, pressure, lack of cooling elements etc. Without proper
hardware precautions, these can damage hardware and hence interfere with
the operation of the software.

Warning: processors may leak information through EM-radiation
(including visible light, but in that case, the leak probably was
essential). Protecting software systems against leaky hardware
with a physically nearby hostile observer is still an open problem.

For a few key secrets, such as secret keys, there are however *some*
guarantees, e.g. concerning timing.

Warning: the Internet is a bit unreliable, so no hard deadline or bandwidth
guarantees can be given for network traffic.

Future migrations
-----------------

New storage, communication or processing devices, changes in software
standards, or a bug or a new feature in s² -- in each case the hardware must
be migrated to the updated software or vice versa.

TODO: how to proceed in these scenarios: live-patching, live migration,
data migration, multi-head displays ...
